October 21, 2023 at 05:09AM
Identity services provider Okta disclosed a security incident in which threat actors used stolen credentials to access its support case management system. Okta confirmed that customer data in the support system was compromised, but its production Okta service was not affected. The breach has also impacted customers Cloudflare and BeyondTrust. This is not the first security incident for Okta, which has been targeted because of its widely used single sign-on services.
Summary:
Okta, an identity services provider, recently experienced a security breach where threat actors accessed its support case management system using stolen credentials. The breach allowed the threat actors to view files uploaded by certain Okta customers. Although the production Okta service was not impacted, the support system is used to upload sensitive HAR files that can contain cookies and session tokens. Okta has worked with affected customers to revoke session tokens and prevent abuse. Okta did not disclose the scale or timing of the attack. Cloudflare and BeyondTrust confirmed being targeted in the support system attack. Cloudflare mentioned that a threat actor hijacked a session token from a support ticket created by a Cloudflare employee. BeyondTrust reported suspicious activity involving session cookies but successfully remediated the attack. Okta has faced previous security incidents due to the popularity of its single sign-on services used by large companies.